nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

From: Matthew Palmer <mpalmer () hezmatt org>
Date: Tue, 5 Jun 2007 09:57:19 +1000

On Mon, Jun 04, 2007 at 08:12:45PM +0100, Colm MacCarthaigh wrote:

The argument can go either way, you can spin it as a benefit for the
network operator ("wow, user activity and problems are now more readily
identifiable and trackable") or you can see it as an organisational
privacy issue ("crap, now macrumors can tell that the CEO follows them
obsessively"). 


Surely that second quote should be "crap, now macrumors can tell that one
person in our office follows them obsessively"?  Unless there's
publically-available information that indicates that IP address is your
CEO's (which is a whole other topic -- publically available rDNS for
company-internal IPv6 ranges).

Talking about HTTP traffic in particular, though, it's pretty likely that
macrumors already knows that they've only got one person in your office
following them obsessively already, using cookies.  It's a rare CEO that
knows to block most cookies (and clear out their cookie jar regularly).


NAT is still evil though, the problems it causes operationally are
just plain not worth it.


Amen to that.

- Matt

-- 
I have always wished that my computer would be as easy to use as my
telephone. My wish has come true. I no longer know how to use my telephone.
                -- Bjarne Stroustrup
Previous By Date Next
Previous By Thread Next

Current thread: